Extracted

• • Target

    2e6654d8b32a599c6cb865ea08df462d3d625129f028b98327a29490b71e1619.bin

  • Size

    217KB

  • MD5

    60d822aae6d6ab407ae33ab861ae4bc6

  • SHA1

    b35d00b5a6aaa776a3aff812108fca24dfa6e9e0

  • SHA256

    2e6654d8b32a599c6cb865ea08df462d3d625129f028b98327a29490b71e1619

  • SHA512

    6c60585c341a5bd0fe8d227fcac6838c0b80f2c198bc5860bfe61e1c94ef04e59b7006093844fe8ae23e0be7bea7f40e76113c65a37aa3555fda5fe82a176153

  • SSDEEP

    3072:FHXBvXSSC/sjF9NBjqhur6SUgBhxb/4UqGX7N5qBSnX6TWMxd1rm+EIpEU:5RVj3jUgXGXGX7zSSnX6NBK++U

  Score

  10^/10

  xloader_apkbankercollectiondiscoveryevasionimpactinfostealerpersistencestealthtrojan

  • XLoader payload

  • XLoader, MoqHao

    An Android banker and info stealer.

    trojaninfostealerbankerxloader_apk

  • Checks if the Android device is rooted.

    evasion

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Reads the content of the MMS message.

    collection

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Requests changing the default SMS application.

    collectionimpact
  behavioral1behavioral2behavioral3